Merge pull request #2011 from cprussin/allow-icloud

feat(staking): allow icloud public relay

Author: cprussin

apps/staking/src/config/server.ts

@@ -55,6 +55,11 @@ export const MAINNET_RPC = process.env.MAINNET_RPC;
 export const HERMES_URL = getOr("HERMES_URL", "https://hermes.pyth.network");
 export const BLOCKED_REGIONS = transformOr("BLOCKED_REGIONS", fromCsv, []);
 export const IP_ALLOWLIST = transformOr("IP_ALLOWLIST", fromCsv, []);
+export const VPN_ORGANIZATION_ALLOWLIST = transformOr(
+  "VPN_ORGANIZATION_ALLOWLIST",
+  fromCsv,
+  ["iCloud Private Relay"],
+);
 export const GOVERNANCE_ONLY_REGIONS = transformOr(
   "GOVERNANCE_ONLY_REGIONS",
   fromCsv,

apps/staking/src/middleware.ts

@@ -12,6 +12,7 @@ import {
   GOVERNANCE_ONLY_REGIONS,
   PROXYCHECK_API_KEY,
   IP_ALLOWLIST,
+  VPN_ORGANIZATION_ALLOWLIST,
 } from "./config/server";
 
 const GEO_BLOCKED_PATH = `/${GEO_BLOCKED_SEGMENT}`;
@@ -61,8 +62,13 @@ const isProxyBlocked = async ({ ip }: NextRequest) => {
   if (proxyCheckClient === undefined || ip === undefined) {
     return false;
   } else {
-    const result = await proxyCheckClient.checkIP(ip, { vpn: 2 });
-    return result[ip]?.proxy === "yes";
+    const response = await proxyCheckClient.checkIP(ip, { vpn: 2 });
+    const result = response[ip];
+    return (
+      result &&
+      result.proxy === "yes" &&
+      !VPN_ORGANIZATION_ALLOWLIST.includes(result.organisation)
+    );
   }
 };